Subject: Policy for a Common Identification Standard for Federal Employees and Contractors

(1) Wide variations in the quality and security of forms of
identification used to gain access to secure Federal and other
facilities where there is potential for terrorist attacks need to be
eliminated. Therefore, it is the policy of the United States to
enhance security, increase Government efficiency, reduce identity
fraud, and protect personal privacy by establishing a mandatory,
Government-wide standard for secure and reliable forms of
identification issued by the Federal Government to its employees and
contractors (including contractor employees).

(2) To implement the policy set forth in paragraph (1), the
Secretary of Commerce shall promulgate in accordance with applicable
law a Federal standard for secure and reliable forms of identification
(the "Standard") not later than 6 months after the date of this
directive in consultation with the Secretary of State, the Secretary of
Defense, the Attorney General, the Secretary of Homeland Security, the
Director of the Office of Management and Budget (OMB), and the Director
of the Office of Science and Technology Policy. The Secretary of
Commerce shall periodically review the Standard and update the Standard
as appropriate in consultation with the affected agencies.

(3) "Secure and reliable forms of identification" for purposes of
this directive means identification that (a) is issued based on sound
criteria for verifying an individual employee's identity; (b) is
strongly resistant to identity fraud, tampering, counterfeiting, and
terrorist exploitation; (c) can be rapidly authenticated
electronically; and (d) is issued only by providers whose reliability
has been established by an official accreditation process. The
Standard will include graduated criteria, from least secure to most
secure, to ensure flexibility in selecting the appropriate level of
security for each application. The Standard shall not apply to
identification associated with national security systems as defined by
44 U.S.C. 3542(b)(2).

(4) Not later than 4 months following promulgation of the
Standard, the heads of executive departments and agencies shall have a
program in place to ensure that identification issued by their
departments and agencies to Federal employees and contractors meets the
Standard. As promptly as possible, but in no case later than 8 months
after the date of promulgation of the Standard, the heads of executive
departments and agencies shall, to the maximum extent practicable,
require the use of identification by Federal employees and contractors
that meets the Standard in gaining physical access to Federally
controlled facilities and logical access to Federally controlled
information systems. Departments and agencies shall implement this
directive in a manner consistent with ongoing Government-wide
activities, policies and guidance issued by OMB, which shall ensure
compliance.

(5) Not later than 6 months following promulgation of the
Standard, the heads of executive departments and agencies shall
identify to the Assistant to the President for Homeland Security and
the Director of OMB those Federally controlled facilities, Federally
controlled information systems, and other Federal applications that are
important for security and for which use of the Standard in
circumstances not covered by this directive should be considered. Not
later than 7 months following the promulgation of the Standard, the
Assistant to the President for Homeland Security and the Director of
OMB shall make recommendations to the President concerning possible use
of the Standard for such additional Federal applications.

(6) This directive shall be implemented in a manner consistent
with the Constitution and applicable laws, including the Privacy Act (5
U.S.C. 552a) and other statutes protecting the rights of Americans.

(7) Nothing in this directive alters, or impedes the ability to
carry out, the authorities of the Federal departments and agencies to
perform their responsibilities under law and consistent with applicable
legal authorities and presidential guidance. This directive is
intended only to improve the internal management of the executive
branch of the Federal Government, and it is not intended to, and does
not, create any right or benefit enforceable at law or in equity by any
party against the United States, its departments, agencies, entities,
officers, employees or agents, or any other person.

(8) The Assistant to the President for Homeland Security shall
report to me not later than 7 months after the promulgation of the
Standard on progress made to implement this directive, and shall
thereafter report to me on such progress or any recommended changes
from time to time as appropriate.